8 min read
The Tuesday Briefing — Apr 14, 2026
Weekly security intelligence for SMBs. Top threats, quick hits, and one action to take now.
Blog
Thoughts on safe autonomy, engineering automation, and reducing cognitive overhead without putting your systems at risk.
The Tuesday Briefing
Weekly security intelligence for teams without a security team.
Top threats, quick hits, and one action to take — every Tuesday.
9 min read
Project Glasswing: AI Finds Zero-Days Faster Than Humans Can Patch Them
Anthropic's Project Glasswing deployed Claude Mythos Preview to autonomously discover thousands of zero-days with a 72.4% exploit success rate. Less than 1% of findings have been patched. The bottleneck is no longer discovery — it's everything that comes after.
6 min read
The Tuesday Briefing — Apr 7, 2026
Weekly security intelligence for SMBs. Top threats, quick hits, and one action to take now.
12 min read
Vibe Coding's $1.5M Mistake
A penetration testing firm audited 15 applications built with AI coding assistants. They found 69 exploitable vulnerabilities, 6 critical. The estimated remediation cost: $1.5 million. Teams shipping AI-generated code need to focus on the security debt accumulating underneath.
6 min read
The Tuesday Briefing — Mar 31, 2026
Weekly security intelligence for SMBs. Top threats, quick hits, and one action to take now.
7 min read
88% Already Hit. Permissions Are the Root Cause.
Nearly 9 in 10 organizations report AI agent security incidents. The root cause isn't prompt injection or model flaws — it's overly broad permissions.
8 min read
The Tuesday Briefing — Mar 24, 2026
Weekly security intelligence for SMBs. Top threats, quick hits, and one action to take now.
6 min read
AI Executes. Humans Own It.
The execution case and the accountability case are both right. The interesting question is what happens when you put them together.
9 min read
Guardrails Failed. Now What?
Static AI guardrails are failing in production. Langflow was exploited within 20 hours. Cline was compromised through a GitHub issue title. Here's what actually works instead.
6 min read
The Tuesday Briefing — Mar 17, 2026
Weekly security intelligence for SMBs. Top threats, quick hits, and one action to take now.
5 min read
Your Compliance Assessment Does Not Cover AI Agents
NIST RA-5, ISO 27001 9.2, DORA, FedRAMP 20x — four major compliance frameworks share the same blind spot: none of them account for AI agents in your environment. Here is what that means and what to do about it.
10 min read
Amazon Kiro Deleted Production. Here's What Every Engineering Leader Should Learn.
Amazon mandated 80% adoption of its AI coding agent Kiro. Then Kiro deleted a production environment, caused a 13-hour AWS outage, and kicked off a chain of incidents that cost millions of orders. The failure wasn't the AI — it was deploying autonomy before safety infrastructure existed.